Lucene search

368571 matches found

CVE
added 3 days ago, 9 views

CVE-2026-13374

CVE-2026-13374 is a stored XSS vulnerability in WatchGuard Fireware OS (ConnectWise Technology Integration module). It affects Fireware OS versions 12.4–12.12, 12.5–12.5.18, and 2025.1–2026.2. The issue stems from improper neutralization of input during web page generation, allowing stored cross-...

CVSS 4.8, AI score 5.7, EPSS 0.00258
Exploits: 0, References: 1

CVE
added 3 days ago, 9 views

CVE-2026-13373

WatchGuard Fireware OS Tigerpaw Technology Integration module is affected by CVE-2026-13373, exposing a Stored Cross-Site Scripting (XSS) vulnerability. The issue arises from improper neutralization of input during web page generation, enabling stored XSS in affected Fireware versions: 12.4–12.12...

CVSS 4.8, AI score 5.7, EPSS 0.00258
Exploits: 0, References: 1

CVE
added 3 days ago, 9 views

CVE-2026-13371

WatchGuard Firebox management UI is affected by CVE-2026-13371 due to unsafe deserialization in the put_data endpoint. An authenticated administrator can exploit crafted input to trigger a denial-of-service in the Fireware Management Web UI. The CVSS metrics indicate network access with high priv...

CVSS 6.9, AI score 5.8, EPSS 0.00273
Exploits: 0, References: 1

CVE
added 3 days ago, 16 views

CVE-2026-54998

CVE-2026-54998 describes an incorrect authorization in Microsoft Exchange Online that enables an authorized attacker to elevate privileges over a network. This vulnerability impacts Exchange Online’s authorization checks, allowing escalation of access from an existing authorized state. The CVSS 3...

CVSS 8.8, AI score 5.8, EPSS 0.00644
Exploits: 1, References: 1

CVE
added 3 days ago, 15 views

CVE-2026-41106

Technical details for CVE-2026-41106 are not publicly available in the provided documents. Monitor for updates from vendors and security feeds.

CVSS 9.3, AI score 5.6, EPSS 0.00542
Exploits: 0, References: 1

CVE
added 3 days ago, 36 views

CVE-2026-26145

Technical details (affected product/component, root cause, impact, versions, or remediation) are not publicly provided in the supplied documents. Monitor updates from official sources for concrete information.

CVSS 4.8, AI score 5.8, EPSS 0.00326
Exploits: 0, References: 1

CVE
added 3 days ago, 13 views

CVE-2026-45499

Technical details for CVE-2026-45499 are not publicly available in the provided documents. Monitor for updates; current sources only reiterate the SSRF elevation in Azure OpenAI without specification of affected products, versions, or fixes.

CVSS 9.9, AI score 5.8, EPSS 0.00622
Exploits: 0, References: 1

CVE
added 3 days ago, 15 views

CVE-2026-57100

Technical details on affected products/versions, root cause, exploit scenarios, or mitigations are not publicly provided in the supplied documents. Monitor official sources for updates.

CVSS 9.9, AI score 5.8, EPSS 0.00644
Exploits: 0, References: 1

CVE
added 3 days ago, 13 views

CVE-2026-50721

CVE-2026-50721 concerns Libreswan where the function RSA_authenticate_hash_signature_raw_rsa() does not properly verify the authentication hash length when the SIG payload of an IKEv1 packet is encoded using PKCS#1 RSA Encryption per RFC 2313. This enables a remote attacker to leverage a Bleichen...

CVSS 8.1, AI score 6.3, EPSS 0.00367
Exploits: 0, References: 4

CVE
added 3 days ago, 10 views

CVE-2026-50722

Libreswan is affected by CVE-2026-50722 through RSA_authenticate_hash_signature_pkcs1_1_5_rsa, which fails to properly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload uses RSASSA-PKCS1-v1_5 (RFC 8017). This enables a remote attacker to perform a Bleichenbacher-like variati...

CVSS 8.1, AI score 6.3, EPSS 0.0033
Exploits: 0, References: 4

CVE
added 3 days ago, 12 views

CVE-2026-12413

The CVE-2026-12413 issue affects Libreswan’s pluto daemon and is triggered by an invalidly formatted IKEv2 fragment. The root cause is an off-by-one error in the assertion within reassemble_v2_incoming_fragments(), which can cause the daemon to abort when handling certain outer payloads that are ...

CVSS 7.5, AI score 6.4, EPSS 0.00597
Exploits: 0, References: 2

CVE
added 3 days ago, 11 views

CVE-2026-49360

The connected GHSA advisory describes a vulnerability in Recce OSS server: unauthenticated SQL execution via the query run API when deployments are exposed to an untrusted network. With DuckDB-backed projects, an attacker can leverage DuckDB filesystem primitives to read and write files accessibl...

Exploits: 0, References: 5

CVE
added 3 days ago, 11 views

CVE-2026-49292

Kiwi TCMS’s /init-db/ page vulnerability (CVE-2026-49292 family) allows access to the initial setup page without authentication after first use. The advisory notes that the page is part of the setup process and, in older versions, remains accessible and renders responses even after migrations wou...

EPSS 0.00048
Exploits: 0, References: 4

CVE
added 3 days ago, 10 views

CVE-2026-54617

The connected advisories reveal a concrete vulnerability in GravitLauncher LaunchServer (≤ 5.7.11): an unauthenticated path traversal in FileServerHandler that lets an attacker read arbitrary files accessible to the LaunchServer process, including sensitive keys and credentials. Root cause: in Fi...

Exploits: 0, References: 5

CVE
added 3 days ago, 9 views

CVE-2026-49284

CVE-2026-49284 (placeholder entry) relates to SimpleSAMLphp where the SP ACS path does not enforce the IdP used for an SP-initiated login. If a saved state expects IdP A but a response from IdP B arrives, the system may continue processing instead of rejecting, potentially allowing an authenticat...

Exploits: 0, References: 4

CVE
added 3 days ago, 17 views

CVE-2026-52792

The CVE entry relates to Algernon (Go-based web server). On Windows NTFS, file handling uses filepath.Ext() to choose how to serve a script, but NTFS-equivalent filenames like x.lua::$DATA, x.lua., or x.lua are not treated as .lua. This allows an unauthenticated user to request a server-side scri...

EPSS 0.00077
Exploits: 0, References: 4

CVE
added 3 days ago, 12 views

CVE-2026-52834

On 32-bit platforms, the vulnerability is in the jxl-grid implementation where an integer overflow during length calculation can cause out-of-bounds writes when decoding a crafted JPEG XL image. The GHSA advisory and OSV-RUSTSEC entry describe a scenario where large frames or canvas/ROI shapes ov...

Exploits: 0, References: 7

CVE
added 3 days ago, 14 views

CVE-2026-52830

The CVE describes a path-traversal in fast-mcp-telegram prior to 0.19.1 where HTTP Bearer tokens are joined into a session-file path. The verifier rejects only the exact reserved token, not path separators or normalized paths, enabling a remote client to authenticate as the default legacy session...

CVSS 9.4, AI score 5.8, EPSS 0.00423
Exploits: 0, References: 2

CVE
added 3 days ago, 11 views

CVE-2026-49289

Technical details for CVE-2026-49289 are not publicly available in the provided documents. Monitor for updates as information may be released by the reserving party.

Exploits: 0, References: 4

CVE
added 3 days ago, 8 views

CVE-2026-52829

Technical details for CVE-2026-52829 are not publicly available in the provided documents; the entry is reserved. Monitor for updates.

Exploits: 0, References: 4